Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/f0i_3EGn8IsJSopI5E5lwdN1rPk.roa
File:                     f0i_3EGn8IsJSopI5E5lwdN1rPk.roa (raw, json)
Hash identifier:          1XppNveHXfAanvmazXm+9rBAd1bhIChWFGgVrA6WGkM=
Subject key identifier:   7F:48:BF:DC:41:A7:F0:8B:09:4A:8A:48:E4:4E:65:C1:D3:75:AC:F9
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0197091BF05CEE46C06CFA2BE54FEFC502C7
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/f0i_3EGn8IsJSopI5E5lwdN1rPk.roa
Signing time:             Sun 25 May 2025 20:21:55 +0000
ROA not before:           Sun 25 May 2025 20:21:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209883
IP address blocks:        2a13:b9c5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:09:1b:f0:5c:ee:46:c0:6c:fa:2b:e5:4f:ef:c5:02:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May 25 20:21:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f48bfdc41a7f08b094a8a48e44e65c1d375acf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:2f:a7:59:03:ae:f9:8a:f8:09:7a:f0:1b:7f:
                    51:b8:4d:ba:df:cb:15:98:5f:eb:79:10:4c:2a:43:
                    11:3a:4c:e1:61:86:c1:ac:5f:ac:bf:fe:52:e1:bf:
                    44:e8:9b:31:3b:45:2b:dd:94:ad:24:de:7d:c3:3f:
                    f7:8d:ce:4a:55:6d:b8:f0:db:fc:d5:2c:53:08:0e:
                    4b:34:25:af:92:89:20:de:91:3b:b5:84:54:d6:b0:
                    8b:a0:16:fb:f1:b1:58:73:a4:97:b6:30:f7:fb:4f:
                    b9:f3:24:47:49:8b:77:97:fd:4c:fd:1b:f3:24:f1:
                    02:74:e6:d7:47:0d:65:ac:e8:64:68:d1:06:b4:87:
                    ac:f6:8c:64:08:2f:a2:31:c9:40:1d:d6:8d:2b:b2:
                    60:47:67:8c:76:b7:b2:b5:8a:ea:d7:5f:35:8e:6d:
                    8a:c9:3b:bb:98:29:9c:c7:24:7b:12:19:06:f9:f6:
                    f0:2c:c2:c8:cb:62:f1:d2:6c:a4:14:3f:67:d1:e3:
                    f3:b1:33:93:65:1b:d8:88:60:f1:5f:63:96:e7:2a:
                    e3:ef:52:8d:8c:d0:2d:de:28:3d:12:48:94:32:75:
                    bb:9d:3f:22:e7:62:9a:96:01:8d:05:db:f2:c7:e5:
                    bb:55:8f:6d:d8:cc:9c:b1:3c:b2:63:bf:5f:10:a9:
                    ef:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:48:BF:DC:41:A7:F0:8B:09:4A:8A:48:E4:4E:65:C1:D3:75:AC:F9
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/f0i_3EGn8IsJSopI5E5lwdN1rPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b9c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         ba:e4:7c:ac:9a:f5:c7:9e:a7:8b:12:be:62:94:80:34:a9:80:
         34:af:26:a7:5f:28:6d:14:c0:80:2e:bb:9a:df:a8:68:95:9e:
         ce:50:57:22:db:24:d6:56:0b:b0:c7:76:b6:90:3b:38:2d:c8:
         60:07:0c:56:13:c7:27:0c:dd:31:e2:f9:7a:7d:78:c1:26:cb:
         84:ed:9b:1a:5a:b4:f7:e0:ec:60:4b:b5:68:3e:76:75:92:f2:
         35:bf:fd:de:94:7d:f7:99:00:ae:f4:ef:7d:cc:85:d8:cc:41:
         e7:be:b4:0d:69:5c:45:34:96:59:30:60:b0:5e:ff:9c:82:28:
         c2:b0:4b:94:e3:00:dc:a6:6f:d1:a6:32:0d:22:78:bb:0f:23:
         97:25:d6:ea:dc:69:7d:cd:6a:07:b5:2e:fa:a6:ca:5f:7f:67:
         1e:0c:13:29:70:49:af:f2:4e:24:54:63:ee:06:49:cf:03:45:
         92:e1:e3:02:c4:22:ee:0b:81:1c:91:d1:0d:5e:70:30:9f:24:
         9b:54:f7:3e:26:52:f8:f1:9a:d0:7c:d7:6c:6e:13:83:9b:10:
         bf:15:1e:2b:0d:c5:e1:03:17:27:20:18:4f:16:bb:e6:22:07:
         3f:67:02:05:9a:d7:47:5a:78:84:b6:d1:af:0f:24:ae:a1:c3:
         70:97:08:ac
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZcJG/Bc7kbAbPor5U/vxQLHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNTI1MjAyMTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjQ4YmZkYzQxYTdmMDhiMDk0YThhNDhlNDRlNjVjMWQzNzVhY2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7y+nWQOu+Yr4CXrwG39RuE2638sV
mF/reRBMKkMROkzhYYbBrF+sv/5S4b9E6JsxO0Ur3ZStJN59wz/3jc5KVW248Nv8
1SxTCA5LNCWvkokg3pE7tYRU1rCLoBb78bFYc6SXtjD3+0+58yRHSYt3l/1M/Rvz
JPECdObXRw1lrOhkaNEGtIes9oxkCC+iMclAHdaNK7JgR2eMdreytYrq1181jm2K
yTu7mCmcxyR7EhkG+fbwLMLIy2Lx0mykFD9n0ePzsTOTZRvYiGDxX2OW5yrj71KN
jNAt3ig9EkiUMnW7nT8i52KalgGNBdvyx+W7VY9t2MycsTyyY79fEKnv5wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFH9Iv9xBp/CLCUqKSOROZcHTdaz5MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvZjBpXzNFR244SXNKU29wSTVFNWx3ZE4xclBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhO5xTAN
BgkqhkiG9w0BAQsFAAOCAQEAuuR8rJr1x56nixK+YpSANKmANK8mp18obRTAgC67
mt+oaJWezlBXItsk1lYLsMd2tpA7OC3IYAcMVhPHJwzdMeL5en14wSbLhO2bGlq0
9+DsYEu1aD52dZLyNb/93pR995kArvTvfcyF2MxB5760DWlcRTSWWTBgsF7/nIIo
wrBLlOMA3KZv0aYyDSJ4uw8jlyXW6txpfc1qB7Uu+qbKX39nHgwTKXBJr/JOJFRj
7gZJzwNFkuHjAsQi7guBHJHRDV5wMJ8km1T3PiZS+PGa0HzXbG4Tg5sQvxUeKw3F
4QMXJyAYTxa75iIHP2cCBZrXR1p4hLbRrw8krqHDcJcIrA==
-----END CERTIFICATE-----